Php and post forms, validating

I’ve been running into challenges when doing a php form using POST.
with isset, ereg…basic calculations

Believe the problem to be, that once an error is reached, the actual error values are being browser-cached, meaning the text field values won’t reload when entered correctly, to be processed. So the form gets stuck on empty values.

What are the options?:

  • load a separate error page?
  • try to clear the browser cache (would this affect the way site is crawled/rankings?)
  • move to javascript for errors which I’d rather not do, given the amount of disabled javascript users.

redirect the page after form submission using header(“location: abc.php”)


Use the Post/Redirect/Get pattern, storing errors and previously submitted values in the users session.

When you re-render the form, check for errors and previous values and display as required.


Could someone please have a look at my eregi validation, since it is becoming obvious that the form is getting snagged only on certain values, duplicate entries like: ‘3555’ … while ‘3500’ – does not hang, and processes.

$amount= $_POST['price'];

elseif ((!ereg('[^1-9]+([\\0-9\\.]{1,10})$', $amount)))  {echo "Please enter numbers and commas <br>";}

Which is intended to filter by accepting numbers, and periods only for the decimal/cents portion. From one to ten digits. These are basically any dollar amounts greater than ‘1’

and then, as i look at my own post, i simplify and improve. Since time is like… linear and ascending and all.

if(isset($_POST['time']) && $_SESSION['lastoptime'] < $_POST['time'])) {
  $_SESSION['lastoptime'] = $_POST['time'];
  //rest of the form processing

Silly mistake:

elseif ((!ereg(‘[COLOR=Red][[1]1-9]+([\0-9\.]{1,10})$’, $amount)))

should be:

elseif ((!ereg(‘[COLOR=Blue][[2]1-9]+([\0-9\.]{1,10})$’, $amount)))

ALTHOUGH I do need to add a comma seperator in here (thousands) . How is this done?

  1. /COLOR ↩︎

  2. /COLOR ↩︎

I’ll post a demo, it’s overly complicated as it is all contained in one script, but it may help

needs m0ar jQuery


There arnt that many ways to prevent re-posting of variables… I ran over this problem not too long ago.

What i ended up doing was having the form send <input type=‘hidden’ name=‘time’ value=‘<?php echo time(); ?>’>

and then extending my check-on-submit

if(isset($_POST['time']) && !isset($_SESSION['time'][$_POST['time']])) {
  $_SESSION['time'][$_POST['time']] = 1;
  //rest of the form processing

perhaps not the best solution (as it inflates the Session file), but it works.

elseif ((!ereg('[B][COLOR=Blue][^[/COLOR][/B]1-9]+([\\0-9\\.[B][COLOR=Blue],[/COLOR][/B]]{1,10})$',  $amount)))

(adding comma seperator)

Should be resolved!

I’ll post a demo, it’s overly complicated as it is all contained in one script, but it may help…may. :wink:


  $_SESSION['form_data'] = array(
    'uname' => empty($_POST['uname']) ? '' : $_POST['uname'],
    'umail' => empty($_POST['umail']) ? '' : $_POST['umail'],
    'error' => array()
  if(5 > strlen($_POST['uname'])){
    $_SESSION['form_data']['error'][] = 'Username too short.';
  if(5 > strlen($_POST['umail'])){
    $_SESSION['form_data']['error'][] = 'Email too short.';
  if(0 === count($_SESSION['form_data']['error'])){
    $_SESSION['form_data'] = array();
    header('Location: demo.php?success', true, 302);
    header('Location: demo.php', true, 302);
  <title>PRG Demo</title>
    <?php if(true === array_key_exists('success', $_GET)): ?>
        Thank you for your submission.
    <?php else: ?>
      <?php if(0 < count($_SESSION['form_data']['error'])): ?>
          <?php foreach($_SESSION['form_data']['error'] as $error): ?>
            <li><?php echo $error; ?></li>
          <?php endforeach; ?>
      <?php endif; ?>
      <form action="" method="post">
            <input type="text" name="uname" value="<?php echo $_SESSION['form_data']['uname']; ?>" />
            <input type="text" name="umail" value="<?php echo $_SESSION['form_data']['umail']; ?>" />
        <input type="submit" name="submit" value="Submit" />
    <?php endif; ?>

Yes, I know.

That particular excerpt is addressing a ‘duplicate’ form submission. I.e. A user signing up twice, or sending the same comment again.

I think you’re confused a little. :slight_smile:

JavaScript? You stated you have a large number of non-JavaScript users, now you state your form requires it?

Either way, that’s not the solution.

The PRG pattern cannot address every scenario of duplicate form submission. Some known duplicate form submissions that PRG cannot solve are:

if a web user goes back to the web form and resubmits it.

The form is being resubmitted by the user.

Maybe I should used Javascript if the form requires it anyway?